TechBook on
amaan-ngp

Tool to check if your server supports 1000k (1 million) connections.


#web-server-related #nginx #haproxy #performance-tuning

#p #benchmarking


JSON Incremental digger


#bash-productivity #linux #linux-command-line #p


HttpRoute is a lightweight high performance HTTP request router for Go.


#golang #benchmarking #performance-tuning #p #github


Cheatsheets for Most DevOps Applications and tools


#ansible #redis #linux #docker #p


VictoriaMetrics is a fast, cost-effective and scalable monitoring solution and time series database.

#github #monitoring #prometheus


Best note-taking app for Linux


#bash-productivity #linux #linux-command-line


So which TLS version is a good one? #security


Highlights

Note that all OpenSSL versions that support TLS 1.1 also support TLS 1.2, so setting the minimum version to TLS 1.2 instead of TLS 1.1 would have no practical drawback for users of OpenSSL, as far as I can tell. There are PostgreSQL clients that don’t use OpenSSL, such as the JDBC driver, but it seems unlikely that the version of the Java stack you use would not support at least TLS 1.2 at this point. It is probably too early to require TLS 1.3. The protocol itself and the required OpenSSL release are only about a year old, and so you probably won’t find them in most operating installations that are currently in use.

Postgres extension to get information about SSL certificates.



* Create the extension if it does not exist.

testdb> SELECT * FROM pg_available_extensions WHERE name = 'ssl_info';
+------+-----------------+-------------------+---------+
| name | default_version | installed_version | comment |
|------+-----------------+-------------------+---------|
+------+-----------------+-------------------+---------+
SELECT 0
Time: 0.228s

testdb> create extension sslinfo;
CREATE EXTENSION
Time: 0.246s

testdb> select ssl_is_used();
+-------------+
| ssl_is_used |
|-------------|
| True        |
+-------------+
SELECT 1
Time: 0.220s

testdb> select ssl_cipher();
+-----------------------------+
| ssl_cipher                  |
|-----------------------------|
| ECDHE-RSA-AES256-GCM-SHA384 |
+-----------------------------+
SELECT 1
Time: 0.218s

testdb> select ssl_version();
+-------------+
| ssl_version |
|-------------|
| TLSv1.2     |
+-------------+
SELECT 1
Time: 0.218s

testdb> select * from pg_stat_ssl;
+-------+------+---------+-----------------------------+------+-------------+-----------+---------------+-----------+
| pid   | ssl  | version | cipher                      | bits | compression | client_dn | client_serial | issuer_dn |
|-------+------+---------+-----------------------------+------+-------------+-----------+---------------+-----------|
| 10441 | True | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256  | False       | <null>    | <null>        | <null>    |
| 17043 | True | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256  | False       | <null>    | <null>        | <null>    |
| 11171 | True | TLSv1.2 | ECDHE-RSA-AES256-GCM-SHA384 | 256  | False       | <null>    | <null>        | <null>    |
+-------+------+---------+-----------------------------+------+-------------+-----------+---------------+-----------+
SELECT 3
Time: 0.228s


* Select the extension if it exists.

defaultdb> SELECT * FROM pg_available_extensions WHERE name = 'sslinfo';
+---------+-----------------+-------------------+------------------------------------+
| name    | default_version | installed_version | comment                            |
|---------+-----------------+-------------------+------------------------------------|
| sslinfo | 1.2             | <null>            | information about SSL certificates |
+---------+-----------------+-------------------+------------------------------------+
SELECT 1
Time: 0.240s


#security #postgres #databases
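
An added example, not part of the original post: the session above reads pg_stat_ssl on its own; joined to pg_stat_activity, the same view shows who owns each connection and whether it meets the TLS 1.2 floor discussed in the highlight. It assumes PostgreSQL 10 or later for backend_type and 12 or later for ssl_min_protocol_version; the tls_status labels are invented for this example.

```sql
-- Added example: audit live client connections against a TLS 1.2 minimum.
-- pg_stat_ssl has one row per backend; pg_stat_activity says who owns it.
SELECT a.pid,
       a.usename,
       a.client_addr,
       a.application_name,
       s.version,
       s.cipher,
       s.bits,
       CASE
           -- Unix-socket connections have no client_addr and never use TLS.
           WHEN a.client_addr IS NULL THEN 'local socket'
           -- TCP connection that negotiated no TLS at all.
           WHEN NOT s.ssl THEN 'plaintext TCP'
           WHEN s.version IN ('TLSv1.2', 'TLSv1.3') THEN 'ok'
           -- Anything else is TLS 1.1 or older.
           ELSE 'below TLS 1.2'
       END AS tls_status          -- label names are this example's own
FROM pg_stat_ssl AS s
JOIN pg_stat_activity AS a USING (pid)
WHERE a.backend_type = 'client backend'   -- skip autovacuum, walsender, etc.
ORDER BY tls_status, a.pid;

-- Server-side floor currently in effect (setting exists in PostgreSQL 12+).
SHOW ssl_min_protocol_version;
```

Rows marked 'plaintext TCP' or 'below TLS 1.2' identify the clients that would be rejected once the server requires TLS and a TLS 1.2 minimum, so they can be upgraded first.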
